More details, then I'll tell you all the answer (thanks to Chris B)

From the wife's windows machine I cannot ssh to my work IP, but I can from
other machines locally.  I cannot connect via mstsc to work but I can via
rdesktop from other machines.
I cannot connect to http://m0n0wall/ but I can to http://10.28.1.1/

I see this in syslog from m0n0wall box
/kernel: arp: 00:05:5d:25:29:83 is using my IP address 10.28.1.1!
/kernel: arp: 00:60:08:35:bb:95 is using my IP address 10.28.1.1!
/kernel: arplookup 202.0.37.196 failed: host is not on local network
That IP is my work, which turned out to be not related to this problem

On the windows XP box arp -a says this
  10.28.1.1             00-05-5d-25-29-83     dynamic
which is wrong... that MAC is for the wireless nic in the m0n0wall box,
which is IP 10.29.1.1

The XP box's IP is doing POP3 to an ISP pop server, and is showing up in the
system logs as coming from the wireless NIC (and being blocked.)

I have one XP machine and a switch on OPT1 (also called Garage because
that's where it is) which is bridged with LAN.  The XP machine there does
NOT display these symptoms at all.

In summary.... all boxes display the right things in their arp tables,
except for the windows box.  I've done a clear of the arp table with arp -d
*   but it still does the same.
--------------------------------------------------------
The answer:

I have a wireless card in the m0n0wall box.  I also have a wireless AP in
the house.  When I changed the wireless card from a Dlink DWL-650 to a
DWL-660 with an external aerial the other day, the card associated (?right
phrase?) with the access point inside.... Creating a loop in the ethernet.
Normally such things are easy to spot cos all the flashing lights on the
hub/switches.  The m0n0wall box was doing lots of firewalling though, so
most stuff was blocked.

Everything is obvious in hindsight!


-----Original Message-----
From: C. Falconer [mailto:cfalconer at avonside dot school dot nz] 
Sent: Thursday, 2 December 2004 9:31 a.m.
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] m0n0wall complains about ARP conflicts?


I changed the wireless card in my m0n0wall 1.1 box from a dlink 500 to a
dlink 650, then rebooted. A couple of days later I notice this weirdness in
syslog:

Dec 1 12:59:29 /kernel: arp: 00:60:08:35:bb:95 is using my IP address
10.28.1.1! Dec 1 12:59:29 /kernel: arp: 00:05:5d:25:29:83 is using my IP
address 10.28.1.1!

Now, arp on an internal linux box claims:
Address                  HWtype  HWaddress           Flags Mask     Iface
m0n0wall.criggie.dyndns  ether   00:60:08:35:BB:95   C              eth0

An interesting symptom - the windows XP box on the lan can connect to
m0n0wall's IP but not the hostname.  A linux box can connect to both the IP
and the hostname.

Here's the sections from the m0n0wall's interfaces page:
WAN interface
Status up
MAC address 00:60:97:dd:95:8d
IP address 202.999.999.999
Subnet mask 255.255.255.0
Gateway 202.999.999.1

LAN interface
Status up
MAC address 00:60:08:35:bb:95
IP address 10.28.1.1
Subnet mask 255.255.0.0
Media 100baseTX <full-duplex>

Wireless interface
Status associated
MAC address 00:05:5d:25:29:83
IP address 10.29.1.1
Subnet mask 255.255.0.0
Channel 6
SSID criggie.dyndns.org
In/out packets 12650/290 (1.08 MB/17 KB)
In/out errors 0/0
Collisions 37
  (this wireless link isn't used for anything yet.)

CLUG horse interface
Status up
MAC address 00:60:08:a1:12:11
IP address 192.168.1.1
Subnet mask 255.255.255.0
Media 100baseTX <full-duplex>
  (this is a ghetto-hosted machine on its own interface)

Garage interface
Status up
MAC address 00:60:08:a1:12:3e
Media 100baseTX <full-duplex>
 (this is bridged with lan)


What has happened?  Do I have a corrupt arp table somewhere?  Did the change
of wireless NIC do this (seems doubtful.)


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch